The Results of the 1.1.1.1 Public DNS Resolver Privacy Examination

[_vvdf]

So APNIC essentially gets an "anonymized" firehose of DNS requests sent through 1.1.1.1? What is their retention policy?

From https://www.cloudflare.com/resources/assets/slt3lc6tev37/5xl...:

"A log of the DNS request, with truncated source IP address, is routed from Cloudflare’s edge data centers to Cloudflare’s main data center. The data first enters a stream processing platform that translates the truncated source IP address into the autonomous system number (“ASN”) of its originating network, and deletes the data within 25 hours of ingestion. Moving from the stream processing platform, the data flows into a database table, where the DNS data record is stored with the ASN instead of the truncated source IP. The DNS data records in this database table are deleted within 25 hours...

Cloudflare has an agreement with Asia-Pacific Network Information Centre (“APNIC”) that allows Cloudflare the use of the 1.1.1.1 IP address. In exchange, APNIC has access to the anonymized logs stored in the Public Resolver table in Cloudflare’s data center for research purposes. APNIC has access to this data through the use of a unique, authorized API key."

[a012]

> A public resolver user’s IP address (referred to as the client or source IP address) will not be stored in non-volatile storage. Cloudflare will anonymize source IP addresses via IP truncation methods (last octet for IPv4 and last 80 bits for IPv6). Cloudflare will delete the truncated IP address within 25 hours.

IMO, truncating only last octet of IPv4 address is not anonimized enough.

[jgrahamc]

We drop the last octet at the edge. Then we keep the truncated IPs for 25 hours to deal with attacks. Then we delete it completely.